Before writing this blog post about residual risk, I thought about how this topic translates into my own life. According to ISO 27001, residual risk is "the risk remaining after risk treatment." In other words, once risks have been identified and treated, what are the remaining risks? And, importantly, is the business willing to accept that level of risk or not?

It has been 16 years since HIPAA legislation was signed into law by President Clinton. In early 2010, the HITECH Act was enacted, expanding on the original HIPAA regulations. While these regulations may appear on the surface to apply only to the health and medical industries, the risk and insurance industry may in fact be subject to HIPAA legislation.

About this blog

This is the go-to source for risk, insurance and safety managers to get reliable, informative knowledge and commentary relevant to you and your work. Visit the 3SIXTY blog to engage Ventiv technology experts in risk, insurance and safety.